efi_loader: efi_tcg2_register returns appropriate error

This commit modify efi_tcg2_register() to return the appropriate error. With this fix, sandbox will not boot because efi_tcg2_register() fails due to some missing feature in GetCapabilities. So disable sandbox if EFI_TCG2_PROTOCOL is enabled. UEFI secure boot variable measurement is not directly related to TCG2 protocol installation, tcg2_measure_secure_boot_variable() is moved to the separate function. Signed-off-by: Masahisa Kojima <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
author: Masahisa Kojima <[email protected]> 2021-12-07 14:15:31 +0900
committer: Heinrich Schuchardt <[email protected]> 2021-12-09 11:43:25 -0800
commit: 54bec17f6b0326bbc22f993d28170d4c4df4ceed (patch)
tree: 8abef9e20ff7c5496c62ee7f730590733b77c6e3 /lib/efi_loader/Kconfig
parent: 446266b024c971a6afa4eb256b2995a245d4eb49 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 700dc838ddb..24f9a2bb757 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -308,6 +308,8 @@ config EFI_TCG2_PROTOCOL
 	bool "EFI_TCG2_PROTOCOL support"
 	default y
 	depends on TPM_V2
+	# Sandbox TPM currently fails on GetCapabilities needed for TCG2
+	depends on !SANDBOX
 	select SHA1
 	select SHA256
 	select SHA384
author	Masahisa Kojima <[email protected]>	2021-12-07 14:15:31 +0900
committer	Heinrich Schuchardt <[email protected]>	2021-12-09 11:43:25 -0800
commit	54bec17f6b0326bbc22f993d28170d4c4df4ceed (patch)
tree	8abef9e20ff7c5496c62ee7f730590733b77c6e3 /lib/efi_loader/Kconfig
parent	446266b024c971a6afa4eb256b2995a245d4eb49 (diff)